Add imap-brute as I missed it in the earlier commit [Patrik]

scripts/imap-brute.nse

@@ -0,0 +1,140 @@
+description = [[
+Performs password guessing against IMAP servers using either LOGIN, PLAIN,
+CRAM-MD5, DIGEST-MD5 or NTLM authentication.
+]]
+
+---
+-- @usage
+-- nmap -p 143,993 --script imap-brute <host>
+--
+-- @output
+-- PORT    STATE SERVICE REASON
+-- 143/tcp open  imap    syn-ack
+-- | imap-brute: 
+-- |   Accounts
+-- |     braddock:jules - Account is valid
+-- |     lane:sniper - Account is valid
+-- |     parker:scorpio - Account is valid
+-- |   Statistics
+-- |_    Performed 62 guesses in 10 seconds, average tps: 6
+--
+-- @args imap-brute.auth authentication mechanism to use LOGIN, PLAIN, 
+--		 CRAM-MD5, DIGEST-MD5 or NTLM
+
+-- Version 0.1
+-- Created 07/15/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
+
+require 'creds'
+require 'brute'
+require 'shortport'
+require 'imap'
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"brute", "intrusive"}
+
+portrule = shortport.port_or_service({143,993}, {"imap","imaps"})
+
+local mech
+
+-- By using this connectionpool we don't need to reconnect the socket
+-- for each attempt.
+ConnectionPool = {}
+
+Driver = 
+{
+
+	-- Creates a new driver instance
+	-- @param host table as received by the action method
+	-- @param port table as received by the action method
+	-- @param pool an instance of the ConnectionPool
+	new = function(self, host, port, pool)
+		local o = { host = host, port = port }
+       	setmetatable(o, self)
+        self.__index = self
+		return o
+	end,
+	
+	-- Connects to the server (retrieves a connection from the pool)
+	connect = function( self )
+		self.helper = ConnectionPool[coroutine.running()]
+		if ( not(self.helper) ) then
+			self.helper = imap.Helper:new( self.host, self.port )
+			self.helper:connect()
+			ConnectionPool[coroutine.running()] = self.helper
+		end
+		return true
+	end,
+
+	-- Attempts to login to the server
+	-- @param username string containing the username
+	-- @param password string containing the password
+	-- @return status true on success, false on failure
+	-- @return brute.Error on failure and brute.Account on success
+	login = function( self, username, password )
+		local status, err = self.helper:login( username, password, mech )
+		if ( status ) then 
+			self.helper:close()
+			self.helper:connect()
+			return true, brute.Account:new(username, password, creds.State.VALID)
+		end
+		if ( err:match("^ERROR: Failed to .* data$") ) then
+			self.helper:close()
+			self.helper:connect()
+			local err = brute.Error:new( err )
+			-- This might be temporary, set the retry flag
+			err:setRetry( true )
+			return false, err			
+		end
+		return false, brute.Error:new( "Incorrect password" )
+	end,
+	
+	-- Disconnects from the server (release the connection object back to
+	-- the pool)
+	disconnect = function( self )
+		return true
+	end,
+		
+}
+
+
+action = function(host, port)
+
+	-- Connects to the server and retrieves the capabilities so that
+	-- authentication mechanisms can be determined
+	local helper = imap.Helper:new(host, port)
+	local status = helper:connect()
+	if (not(status)) then return "\n  ERROR: Failed to connect to the server." end
+	local status, capabilities = helper:capabilities()
+	if (not(status)) then return "\n  ERROR: Failed to retrieve capabilities." end
+
+	-- check if an authentication mechanism was provided or try
+	-- try them in the mech_prio order
+	local mech_prio = stdnse.get_script_args("imap-brute.auth") 
+	mech_prio = ( mech_prio and { mech_prio } ) or 
+				{ "LOGIN", "PLAIN", "CRAM-MD5", "DIGEST-MD5", "NTLM" }
+	
+	-- iterates over auth mechanisms until a valid mechanism is found
+	for _, m in ipairs(mech_prio) do
+		if ( m == "LOGIN" and not(capabilities.LOGINDISABLED)) then
+			mech = "LOGIN"
+			break
+		elseif ( capabilities["AUTH=" .. m] ) then
+			mech = m
+			break
+		end
+	end
+
+	-- if no mechanisms were found, abort
+	if ( not(mech) ) then
+		return "\n  ERROR: No suitable authentication mechanism was found"
+	end
+		
+	local engine = brute.Engine:new(Driver, host, port)
+	engine.options.script_name = SCRIPT_NAME	
+	status, result = engine:start()
+	
+	for _, helper in pairs(ConnectionPool) do helper:close() end
+	
+	return result
+end